[Pkg-clamav-devel] Bug#507624: clamav: recursive stack overflow in jpeg parsing code
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Dec 3 02:04:33 UTC 2008
Package: clamav
Version: 0.90.1dfsg-4etch15 , 0.94.dfsg-1 , 0.94.dfsg.2-1
Severity: grave
Tags: security
Justification: user security hole
ubuntu recently issued a security notice for clamav [1] that fixes a
recursive stack overflow problem in the jpeg parsing code. there is no CVE
id at this point, and the problem is already fixed upstream in clamav
version 0.94.2. further details can be found in the ubuntu bug log [2].
they issued fixes insanely fast on this one (within twenty-seven hours of the
initial report) -- very commendable.
thanks for working to keep debian secure.
[1] http://www.ubuntu.com/usn/usn-684-1
[2] https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/304017
More information about the Pkg-clamav-devel
mailing list